[Vol-dev] Cuckoo and Volatility

Thorsten Sick thorsten.sick at avira.com
Mon May 6 02:25:08 CDT 2013


Hi List

I am writing a Volatility plugin for Cuckoobox:

https://github.com/Thorsten-Sick/cuckoo/tree/volatility

That allows us to automate Malware analysis. Cuckoobox runs the malware
and creates a memory snapshot. Volatility extracts the information,
Cuckoobox afterwards generates nice reports from that.
These are ready for statistics and automated processing.

I hope to get the changes into the next Cuckoobox 0.7.

But at the moment using Volatility 2.2 I had to duplicate some code from
the Volatility plugins in Cuckoobox. I need data (python dict), not a
text log. Instead of duplicating code I would love to have a method in
the voaltility plugins that returns the data instead of some text log. I
would code that and (if you want) re-create the render_text methods to
also use the data from this method.

* What do you think ?
* Where to submit it for fast review and integration ?
* Any other requirements ?
* For which volatility version should I code (as far as I know you are
about to release 2.3 soonish)

Cheers
Thorsten Sick



-- 
Thorsten Sick, Research

Avira Operations GmbH & Co. KG
Kaplaneiweg 1
88069 Tettnang
Germany
Phone: +49 7542-500 0
Fax: +49 7542-500 3000
Internet: http://www.avira.com


More information about the Vol-dev mailing list